APPENDIX

CLAIMS 

3. A method of processing service requests from a client to a server system through a 
network, said method comprising the steps of forwarding a service request from the client to the
server system, wherein communications between the client and server system are according to
hypertext transfer protocol; 

returning a session identifier from the server system to the client, the client storing the 
session identifier for use in subsequent distinct requests to the server system; and 

appending the stored session identifier to each of the subsequent distinct requests from 
the client to the server system.

5. A method as claimed in Claim 3 wherein the session identifier includes a user identifier. 

6. A method as claimed in Claim 3 wherein the session identifier includes an expiration 
time for the session. 

7. A method as claimed in Claim 3 wherein the server system records information from the 
session identifier in a transaction log in the server system. 

8. A method as claimed in Claim 7 wherein the server system tracks the access history of 
sequences of service requests within a session of requests. 

9. A method as claimed in Claim 8 wherein the server system tracks the access history to 
determine service requests leading to a purchase made within the session of requests. 



10. A method as claimed in Claim 7 wherein the server system counts requests to particular
services exclusive of repeated requests from a common client. 

11. A method as claimed in Claim 7 wherein the server system maintains a data base relating 
customer information to access patterns. 

12. A method as claimed in Claim 11 wherein the information includes customer
demographics. 

13. A method as claimed in Claim 3 wherein the server system assigns the session identifier 
to an initial service request to the server system. 

14. A method as claimed in Claim 3 wherein the server system subjects the client to an 
authorization routine prior to issuing the session identifier and the session identifier is protected 
from forgery. 

15. A method as claimed in Claim 3 wherein the server system comprises plural servers 
including an authentication server which provides session identifiers for service requests to 
multiple servers. 

16. A method as claimed in Claim 15 wherein:

a client directs a service request to a first server which is to provide the requested service; 




the first server checks the service request for a session identifier and only services a
service request having a valid session identifier, and where the service request has no valid
identifier:

the first server returns a response to the client, the response redirecting the service request
from the client to the authentication server;

the authentication server subjects the client to an authorization routine and issues the
session identifier to be appended to the service request to the first server;

the client forwards the service request appended with the session identifier to the first
server; and

the first server recognizes the session identifier and services the service request to the
client; and

the client appends the session identifier to subsequent service requests to the server
system and is serviced without further authorization.

17. A method as claimed in Claim 16 wherein the session identifier includes a user identifier.

18. A method as claimed in Claim 16 wherein the session identifier includes an expiration 
time for the session. 

19. A method as claimed in Claim 16 wherein the session identifier provides access to a 
protected domain to which the session has access authorization. 




20. A method as claimed in Claim 19 wherein the session identifier is modified for access to 
a different protected domain. 

21. A method as claimed in Claim 16 wherein the session identifier provides a key identifier
for key management. 

22. A method as claimed in Claim 16 wherein the server system records information from the 
session identifier in a transaction log in the server system. 

23. The method of Claim 3 wherein the access rights of the client are fully contained within 
the session identifier. 

24. A method as claimed in Claim 3 wherein a service request is for a document and the 
session identifier includes a user identification, further comprising: 

returning the requested document wherein the document is customized for a particular 
user based on the user identification of the session identifier. 

25. A method as claimed in Claim 3 wherein a service request is for a document which has 
been purchased by a user, the session identifier comprises an authorization identifier, and further 
comprising: 

returning the requested document if the authorization identifier indicates that the user is
authorized to access the document. 




26. A method as claimed in Claim 3 wherein a service request is for a document wherein the
session identifier comprises a user identifier, and further comprising:

returning the requested document to the client; and

charging the user identified in the identifier for access to the document.

31. The method of Claim 3, wherein at least one service request comprises a request for a
document which has been purchased by a user, and wherein the session identifier comprises an
authorization identifier, the method further comprising:

returning the requested document if the authorization identifier indicates that the user is 
authorized to access the document. 

32. A method as claimed in Claim 31, wherein the authorization identifier is encoded within 
a session identifier which is appended to the request. 

33. The method of Claim 3, wherein at least one service request comprises a request for a 
document, wherein the session identifier is designated by the server system, said method further 
comprising the steps of: 

returning the requested document to the client; and

charging the user identified in the session identifier for access to the document. 

34. A method as claimed in Claim 33, wherein a user identifier is encoded within a session 
identifier which is appended to the request. 



35. An information system on a network, comprising: 

means for receiving service requests from a client and for determining whether a service 
request includes a session identifier, wherein communications to and from the client are 
according to hypertext transfer protocol; 

means for providing the session identifier in response to an initial service request from 
the client in a session of requests; 

means for storing, at the client, the session identifier for use in each communication to the server 
system; 

means for appending the stored session identifier to each of subsequent communications 
from the client to the server system; and 

means for servicing the subsequent service requests. 

36. The information system of Claim 35 wherein access rights of the client are fully
contained within the session identifier. 

37. An information system as claimed in Claim 35 wherein the means for providing the 
session identifier is in a server system which services the requests.

38. An information system as claimed in Claim 35 further comprising an authorization
routine for authorizing the client prior to issuing the session identifier and means for protecting 
the session identifier from forgery. 



39. An information server system as claimed in Claim 35 further comprising a transaction log 
for recording information from the session identifier. 

40. An information system as claimed in Claim 35 further comprising means for tracking 
access history of sequences of service requests within the session of requests. 

41. An information system as claimed in Claim 35 further comprising means for counting
requests to particular services exclusive of repeated requests from a common client. 

42. An information system as claimed in Claim 35 further comprising a data base relating 
customer information to access patterns. 

43. An information system as claimed in Claim 42 wherein the information includes 
customer demographics. 

49. The method of Claim 3 wherein the session identifier is cryptographically generated. 

50. The method of Claim 3 further comprising: 

returning a response to the client, the response redirecting an initial service request to an 
authentication server, the authentication server providing the session identifier. 

51. The method of Claim 3, wherein the session identifier is appended to at least one path
name in a document returned by the server system. 



52. The method of Claim 51, wherein the at least one path name is in a link in the returned
document. 

53. The method of Claim 52 wherein the link is an absolute link. 

54. The method of Claim 52 wherein the link comprises a uniform resource locator. 

55. The method of Claim 51 wherein the step of appending the session identifier comprises
filtering the requested document. 

56. The method of Claim 51 wherein the session identifier is cryptographically generated. 

57. The method of Claim 51 wherein the session identifier is directed to an accessible 
domain. 

58. The method of Claim 51 wherein the session identifier comprises an expiration time. 

59. The method of Claim 51 wherein the session identifier comprises a date.

60. The method of Claim 51 wherein the session identifier comprises a key identifier.

61. The method of Claim 51 wherein the session identifier comprises an address of the client. 



62. The method of Claim 51 wherein the session identifier comprises a digital signature. 

63. The method of Claim 31 wherein the authorization identifier is provided by 
authentication server. 

67. The method of Claim 3, wherein the session identifier is designated by the server system, 
further comprising the steps of:

validating, at the server system, the appended session identifier; and 
returning a controlled document if the appended session identifier is valid. 

68. The method of Claim 67 wherein the session identifier is cryptographically generated. 

69. The method of Claim 67 wherein the session identifier is directed to an accessible 
domain. 

70. The method of Claim 67 wherein the session identifier comprises an expiration time. 

71. The method of Claim 67 wherein the session identifier comprises a date.

72. The method of Claim 67 wherein the session identifier comprises a key identifier. 

73. The method of Claim 67 wherein the session identifier comprises an address of the client. 



74. The method of Claim 67 wherein the session identifier comprises an unforgeable digital 
signature. 

75. The method of Claim 67 wherein the session identifier facilitates authenticated accesses 
across multiple content servers. 

76. The method of Claim 67 wherein the document is customized for a particular user based 
on a user identification of the session identifier. 

77. The method of Claim 67, wherein the session identifier is appended to at least one path 
name in a document returned by the server system. 

78. The method of Claim 77 wherein the step of appending the session identifier comprises 
filtering the requested document. 

79. A method of processing service requests from a client to a server system through a 
network, said method comprising the steps of 

forwarding a service request from the client to the server system, wherein 
communications between the client and server system are according to hypertext transfer
protocol; 

returning a session identifier from the server system to the client, the client storing the 
session identifier for use in subsequent communications; and 



at the client, appending as part of a path name in a uniform resource locator the stored 
session identifier to each subsequent service request from the client to the server system within a 
session of requests. 

80. The method of Claim 79 wherein the session identifier is cryptographically generated. 

81. The method of Claim 79 further comprising:

returning a response to the client, the response containing a locator for an authentication
server, the response redirecting the first service request to the authentication server, the 
authentication server providing the session identifier. 

82. The method of Claim 79, wherein the session identifier is appended to at least one path
name in a document returned by the server system.

83. The method of Claim 82, wherein the at least one path name is in a link in the returned
document. 

84. The method of Claim 83 wherein the link is an absolute link. 

85. The method of Claim 83 wherein the link comprises a uniform resource locator. 

86. The method of Claim 82 wherein the step of appending the session identifier comprises 
filtering the requested document. 



87. The method of Claim 82 wherein the session identifier is cryptographically generated. 

88. The method of Claim 82 wherein the session identifier is directed to an accessible 
domain. 

89. The method of Claim 82 wherein the session identifier comprises an expiration time. 

90. The method of Claim 82 wherein the session identifier comprises a date. 

91. The method of Claim 82 wherein the session identifier comprises a key identifier. 

92. The method of Claim 82 wherein the session identifier comprises an address of the client. 

93. The method of Claim 82 wherein the session identifier comprises an unforgeable digital 
signature. 

96. The method of Claim 3, further comprising: 
servicing a request; and 

automatically charging a user identified by the session identifier for the service provided. 



97. The method of Claim 3, wherein at least one service request comprises a purchase 
request, the purchase request including an associated user identifier, the method further 
comprising: 

accessing, upon receipt of the purchase request at the server system, user information 
associated with the user identifier sufficient to charge to an account associated with the user, the 
purchase price of the product identified by the purchase request; 

charging the user for the product identified by the purchase request according to the user 
information; and 

fulfilling the purchase request based on the user information. 

98. The method of Claim 97, wherein the client includes the user identifier in a session 
identifier appended to the purchase request. 

100. The method of Claim 3, further comprising:

under control of a client system, displaying information identifying a product; and

in response to a user selection of a hyperlink associated with a product desired to be
purchased, sending a request to purchase the item along with an identifier of a purchaser of the
item to a server system; and

under control of the server system, upon receiving the request, retrieving additional 
information previously stored for the purchaser identified by the identifier in the received 
request; 

charging the user the purchase price of the product; and 
fulfilling the request for the product. 



101. The method of Claim 3, wherein the session identifier is appended by the client.

102. The method of Claim 101, wherein the session identifier is cryptographically generated.

103. The method of Claim 31, further comprising: 
identifying the user from the authorization identifier; and 
automatically charging the identified user for the document. 

104. The method of Claim 31, wherein the document is returned electronically. 

105. The method of Claim 31, wherein a physical copy of the document is sent.

106. The method of Claim 31, wherein the authorization identifier is appended to uniform
resource locator. 

108. The method of Claim 3, wherein a service request comprises a request to purchase a 
product. 

109. The method of Claim 108, wherein the product is transmitted over the network. 

110. The method of Claim 109, wherein the product is a newspaper/newsletter article. 



111. The method of Claim 108, wherein the product is a durable product. 

112. A method of processing, in a server system, service requests from a client to the server
system through a network, said method comprising the steps of: 

receiving, from the client, a service request to which a session identifier stored at the 
client has been appended by the client, wherein communications between the client and server 
system are according to hypertext transfer protocol; 

validating the session identifier appended to the service request; and servicing the service 
request if the appended session identifier is valid. 

113. The method of Claim 112, further comprising, in the server system:
receiving an initial service request from the client; 

creating, responsive to the initial service request, the session identifier; and 
returning the session identifier to the client for storage by the client for use in subsequent 
distinct requests to the server system. 

114. A method of processing, in a server system, uniform resource locator (URL) calls from a 
client to the server system through a network, said method comprising the steps of: 

receiving, from the client, a URL call to which a session identifier stored at the client has 
been appended by the client; 

validating the session identifier appended to the URL; and servicing the URL call if the 
appended session identifier is valid. 



115. The method of Claim 114, further comprising, in the server system:
receiving an initial URL call from the client; 

creating, responsive to the initial URL call, the session identifier; and 
returning the session identifier to the client for storage by the client for use in each URL 
call to the server system. 
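
Added example (not part of the claims or of any implementation by the applicant): a sketch of the session identifier recited in Claims 67 to 74 and 114, carried as a URL path segment and validated by the server. HMAC-SHA256 stands in for the "digital signature"; the `@@` marker, the `kid.body.tag` layout, the field names and the keys are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keys, selected by key identifier; not real secrets.
KEYS = {"k1": b"constructed-demo-key-1", "k2": b"constructed-demo-key-2"}
PREFIX = "@@"  # hypothetical marker for the SID path segment

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(kid, body):
    # The key identifier is covered by the MAC so it cannot be swapped.
    return hmac.new(KEYS[kid], f"{kid}.{body}".encode(), hashlib.sha256).digest()

def issue_sid(user, domain, client_addr, ttl, kid="k1", now=None):
    """Issue a SID after authentication (the auth step itself is out of scope)."""
    now = int(time.time()) if now is None else now
    claims = {"uid": user, "dom": domain, "ip": client_addr, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{kid}.{body}.{_b64(_tag(kid, body))}"

def add_sid(path, sid):
    """Append the SID to a URL path as its first segment."""
    return f"/{PREFIX}{sid}{path}"

def validate(url_path, client_addr, now=None):
    """Return (claims, path) if the SID is valid, else (None, reason)."""
    now = int(time.time()) if now is None else now
    head, _, rest = url_path.lstrip("/").partition("/")
    path = "/" + rest
    if not head.startswith(PREFIX):
        return None, "missing"  # a content server would redirect to the auth server
    parts = head[len(PREFIX):].split(".")
    if len(parts) != 3 or parts[0] not in KEYS:
        return None, "malformed"
    kid, body, tag = parts
    try:
        if not hmac.compare_digest(_unb64(tag), _tag(kid, body)):
            return None, "forged"
        claims = json.loads(_unb64(body))
    except ValueError:
        return None, "malformed"
    if now >= claims["exp"]:
        return None, "expired"
    if claims["ip"] != client_addr:
        return None, "wrong-client"
    dom = claims["dom"]
    if path != dom and not path.startswith(dom.rstrip("/") + "/"):
        return None, "wrong-domain"
    return claims, path
```

Because an identifier carried in the URL path also appears in server logs, browser history and Referer headers, the expiration time and client-address binding are what limit the value of a leaked identifier.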



